On Tue, Dec 12, 2017 at 06:22:19PM +0100, Jan Bramkamp wrote: > > On 12.12.17 15:28, Poul-Henning Kamp wrote: > > For the FreeBSD SVN tree, this could almost be as simple as posting > > an email, maybe once a week, with the exact revision checked out > > and the PGP signed output of: > > > > svn co ... && find ... -print | sort | xargs cat | sha256 > > > > Such an archive would also be invaluable for reauthenticating in > > case, somebody ever manages to do something evil to our repo. > > > > > Solve the problem at the correct location -- either fix svn to sign and > > > verify updates or dump it for something that can and use that existing > > > mechanism (e.g. git) > > > > As I mentioned humoursly to you in private email, I don't think > > this particular problem will reach consensus any sooner if you > > also tangling it in the SVN vs GIT political issue. > > How about an uncompressed tarball signed with signify? It could be > replicated with rsync (or zsync) and getting security patches wouldn't > require lots of network bandwidth.
Portsnap already provides signed snapshots of the tree from mirrors. The main problem is checking out the full tree as-is from the subversion servers. > > I still prefer to encrypt every transfer with PFS only protocols, but even > with transport encryption in place content authentication is still valuable > because it allows the use of caching proxies. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
